last executing test programs: 10m49.485381129s ago: executing program 1 (id=280): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f00000003c0)={0x2, 0x200000000004e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_pressure(r2, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r3, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f) r4 = openat$cgroup_pressure(r2, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0) ppoll(&(0x7f0000000180)=[{r3}], 0x1, 0x0, 0x0, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r6) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, 0x0, 0x0) write$cgroup_pressure(r4, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f) close(r3) close(r4) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x40a01, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0xe, 0x4, &(0x7f0000000080)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94) socket$kcm(0x2, 0xa, 0x2) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$sock_timeval(r8, 0x1, 0xd, &(0x7f0000abaff9)={0x0, 0xea60}, 0x10) 10m46.267027035s ago: executing program 0 (id=282): socket$igmp6(0xa, 0x3, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4c, &(0x7f0000000400)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0000ff", 0x16, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4}, {"3097"}}}}}}}, 0x0) 10m43.751937018s ago: executing program 1 (id=283): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1223, 0x3f07, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x2}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000140)={0x20, 0xd, 0x2, {0x2, 0x22}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 10m42.425279972s ago: executing program 0 (id=284): socketpair(0x1, 0x1, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20) 10m38.632582209s ago: executing program 0 (id=285): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={@ifindex, 0xffffffffffffffff, 0x13, 0x2010, 0xffffffffffffffff, @value}, 0x20) 10m36.02003905s ago: executing program 0 (id=286): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000), &(0x7f0000000040)=0x8) 10m32.10440166s ago: executing program 1 (id=287): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000b80)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3b, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x16, 0x1, 0x0, 0x20}}}}}}, 0x0) 10m26.778105502s ago: executing program 1 (id=288): socket$igmp6(0xa, 0x3, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4c, &(0x7f0000000400)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0000ff", 0x16, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4}, {"3097"}}}}}}}, 0x0) 10m17.550023641s ago: executing program 1 (id=289): socketpair(0x1, 0x1, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20) 10m15.41573543s ago: executing program 0 (id=290): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x8, @mcast2, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) write(r0, &(0x7f0000000200)="89", 0x3f80) 10m9.716144412s ago: executing program 1 (id=291): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]]}, 0x2c}}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@private2, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@private0}}, &(0x7f00000000c0)=0xe8) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000240)={{{@in=@rand_addr=0x64010102, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e21, 0xfff7, 0x4e22, 0xeb, 0x2, 0x20, 0x0, 0x0, r5, r6}, {0x800, 0xfffffffffffffff8, 0xb83, 0x5, 0xffffffffffffffff, 0x1, 0x6, 0x5}, {0x5, 0x1, 0x1, 0x9}, 0x9, 0x6e6bb0, 0x0, 0x1, 0x2, 0x3}, {{@in6=@mcast2, 0x4d3, 0x2b}, 0x8, @in=@dev={0xac, 0x14, 0x14, 0x35}, 0x3503, 0x0, 0x2, 0x9, 0x1, 0x1, 0x9}}, 0xe8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00', @random="4f33e363a4b1"}) 0s ago: executing program 0 (id=292): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008001c000000002018000180140002006e657464657673696d300000000000000800080000002000080009"], 0x44}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:19544' (ED25519) to the list of known hosts. syzkaller login: [ 368.739596][ T3176] cgroup: Unknown subsys name 'net' [ 369.213147][ T3176] cgroup: Unknown subsys name 'cpuset' [ 369.354535][ T3176] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 422.447142][ T3176] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 485.668692][ T3183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 485.717585][ T3183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 488.278809][ T3182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.465851][ T3182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 497.578303][ T3183] hsr_slave_0: entered promiscuous mode [ 497.655299][ T3183] hsr_slave_1: entered promiscuous mode [ 499.493838][ T3182] hsr_slave_0: entered promiscuous mode [ 499.536668][ T3182] hsr_slave_1: entered promiscuous mode [ 499.577872][ T3182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 499.586212][ T3182] Cannot create hsr debugfs directory [ 505.937935][ T3183] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 506.301003][ T3183] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 506.818524][ T3183] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 507.377376][ T3183] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 509.056186][ T3182] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 509.169033][ T3182] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 509.388861][ T3182] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 509.629759][ T3182] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 523.358748][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 524.025042][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.687751][ T3183] veth0_vlan: entered promiscuous mode [ 567.890860][ T3183] veth1_vlan: entered promiscuous mode [ 568.113879][ T3182] veth0_vlan: entered promiscuous mode [ 569.026153][ T3182] veth1_vlan: entered promiscuous mode [ 571.083592][ T3183] veth0_macvtap: entered promiscuous mode [ 571.677627][ T3183] veth1_macvtap: entered promiscuous mode [ 571.926550][ T3182] veth0_macvtap: entered promiscuous mode [ 572.618544][ T3182] veth1_macvtap: entered promiscuous mode [ 574.285609][ T3183] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.290737][ T3183] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.305871][ T3183] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.307185][ T3183] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.281164][ T3182] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.288653][ T3182] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.290974][ T3182] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.305913][ T3182] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.118031][ T3183] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 592.049996][ T3891] block device autoloading is deprecated and will be removed. [ 601.287367][ T3881] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 601.716677][ T3881] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 601.719962][ T3881] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 601.734577][ T3881] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 601.736709][ T3881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.816614][ T3881] usb 1-1: config 0 descriptor?? [ 602.517383][ T3907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 602.645813][ T3907] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 603.640047][ T3881] usb 1-1: USB disconnect, device number 2 [ 648.669112][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.947651][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.126988][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.885810][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.789281][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 663.981130][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 664.098718][ T11] bond0 (unregistering): Released all slaves [ 665.628724][ T11] hsr_slave_0: left promiscuous mode [ 665.683564][ T11] hsr_slave_1: left promiscuous mode [ 666.029097][ T11] veth1_macvtap: left promiscuous mode [ 666.049924][ T11] veth0_macvtap: left promiscuous mode [ 666.082816][ T11] veth1_vlan: left promiscuous mode [ 666.100403][ T11] veth0_vlan: left promiscuous mode [ 698.960324][ T4046] syz_tun: entered promiscuous mode [ 699.118709][ T4046] batadv_slave_1: entered promiscuous mode [ 721.558649][ T3938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.735735][ T3938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 743.887610][ T3938] hsr_slave_0: entered promiscuous mode [ 743.975983][ T3938] hsr_slave_1: entered promiscuous mode [ 759.026770][ T3938] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 759.299569][ T3938] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 759.989567][ T3938] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 760.284066][ T3938] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 799.205609][ T3938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 901.308483][ T4089] syz_tun (unregistering): left promiscuous mode [ 907.539868][ T4239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 915.356706][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 919.250082][ T4239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 923.377695][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 933.957622][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 939.120686][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 990.462367][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 991.332969][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 992.856143][ T11] bond0 (unregistering): Released all slaves [ 996.926546][ T11] batadv_slave_1: left promiscuous mode [ 999.018767][ T11] hsr_slave_0: left promiscuous mode [ 999.345774][ T11] hsr_slave_1: left promiscuous mode [ 1000.986627][ T11] veth1_macvtap: left promiscuous mode [ 1001.027637][ T11] veth0_macvtap: left promiscuous mode [ 1001.109041][ T11] veth1_vlan: left promiscuous mode [ 1001.317611][ T11] veth0_vlan: left promiscuous mode [ 1011.181739][ C0] hrtimer: interrupt took 20828500 ns [ 1035.883490][ T4239] hsr_slave_0: entered promiscuous mode [ 1035.926106][ T4239] hsr_slave_1: entered promiscuous mode [ 1035.969446][ T4239] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1035.971074][ T4239] Cannot create hsr debugfs directory [ 1048.068345][ T4239] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1048.267136][ T4239] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1048.475617][ T4239] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1048.696501][ T4239] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1062.160821][ T4239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1070.669197][ T3938] veth0_vlan: entered promiscuous mode [ 1070.981153][ T3938] veth1_vlan: entered promiscuous mode [ 1071.886594][ T3938] veth0_macvtap: entered promiscuous mode [ 1072.157867][ T3938] veth1_macvtap: entered promiscuous mode [ 1074.939982][ T3938] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.970188][ T3938] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1075.025159][ T3938] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1075.027364][ T3938] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.815169][ T35] audit: type=1326 audit(1081.620:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4774 comm="syz.1.18" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xda7b6 code=0x0 [ 1093.124734][ T4789] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1111.687954][ T35] audit: type=1326 audit(1110.490:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.1.32" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xda7b6 code=0x0 [ 1124.678848][ T4239] veth0_vlan: entered promiscuous mode [ 1125.188462][ T4239] veth1_vlan: entered promiscuous mode [ 1127.488087][ T4239] veth0_macvtap: entered promiscuous mode [ 1127.770912][ T4239] veth1_macvtap: entered promiscuous mode [ 1129.060511][ T4239] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.065862][ T4239] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.068433][ T4239] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.070600][ T4239] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1197.599337][ T4909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.61'. [ 1208.748001][ T4923] netlink: 116 bytes leftover after parsing attributes in process `syz.0.65'. [ 1240.630957][ T4965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.76'. [ 1241.196629][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1247.570739][ T4974] netlink: 'syz.1.80': attribute type 10 has an invalid length. [ 1257.914869][ T4984] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1274.927920][ T4999] sctp: failed to load transform for md5: -2 [ 1297.941103][ T5028] Zero length message leads to an empty skb [ 1425.597324][ T3814] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1425.897244][ T3814] usb 2-1: Using ep0 maxpacket: 16 [ 1426.034220][ T3814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1426.041115][ T3814] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1426.063743][ T3814] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1426.067307][ T3814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1426.191861][ T3814] usb 2-1: config 0 descriptor?? [ 1428.043767][ T3814] usbhid 2-1:0.0: can't add hid device: -71 [ 1428.053445][ T3814] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1428.197959][ T3814] usb 2-1: USB disconnect, device number 2 [ 1452.375755][ T4770] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1452.744406][ T4770] usb 2-1: Using ep0 maxpacket: 16 [ 1452.823411][ T4770] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1452.825462][ T4770] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1452.827283][ T4770] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1452.828868][ T4770] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1452.930192][ T4770] usb 2-1: config 0 descriptor?? [ 1454.250226][ T4770] usbhid 2-1:0.0: can't add hid device: -71 [ 1454.257919][ T4770] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1454.339921][ T4770] usb 2-1: USB disconnect, device number 3 [ 1535.878006][ T4519] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1536.720325][ T4519] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1537.833973][ T4519] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1538.364577][ T4519] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1545.827329][ T4519] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1546.138660][ T4519] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1546.269910][ T4519] bond0 (unregistering): Released all slaves [ 1548.075458][ T4519] hsr_slave_0: left promiscuous mode [ 1548.208564][ T4519] hsr_slave_1: left promiscuous mode [ 1549.036024][ T4519] veth1_macvtap: left promiscuous mode [ 1549.039970][ T4519] veth0_macvtap: left promiscuous mode [ 1549.148202][ T4519] veth1_vlan: left promiscuous mode [ 1549.222558][ T4519] veth0_vlan: left promiscuous mode [ 1563.835009][ T5447] netlink: 28 bytes leftover after parsing attributes in process `syz.0.180'. [ 1590.843277][ T5414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1591.039302][ T5414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1605.286546][ T5660] netlink: 'syz.0.188': attribute type 1 has an invalid length. [ 1605.288936][ T5660] netlink: 76 bytes leftover after parsing attributes in process `syz.0.188'. [ 1615.510851][ T5414] hsr_slave_0: entered promiscuous mode [ 1615.589311][ T5414] hsr_slave_1: entered promiscuous mode [ 1629.999139][ T5414] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1630.233675][ T5414] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1630.668264][ T5414] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1630.915605][ T5414] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1642.524860][ T5414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1702.058998][ T5414] veth0_vlan: entered promiscuous mode [ 1702.750945][ T5414] veth1_vlan: entered promiscuous mode [ 1705.756146][ T5414] veth0_macvtap: entered promiscuous mode [ 1706.157542][ T5414] veth1_macvtap: entered promiscuous mode [ 1710.517590][ T5414] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1710.533381][ T5414] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1710.539220][ T5414] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1710.593765][ T5414] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1719.136879][ T5932] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1812.695575][ T4553] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1812.984579][ T4553] usb 2-1: Using ep0 maxpacket: 16 [ 1813.040033][ T4553] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1813.044523][ T4553] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1813.049299][ T4553] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1813.052334][ T4553] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1813.155309][ T4553] usb 2-1: config 0 descriptor?? [ 1814.192845][ T4553] usbhid 2-1:0.0: can't add hid device: -71 [ 1814.195671][ T4553] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1814.385246][ T4553] usb 2-1: USB disconnect, device number 4 [ 1840.298214][ T3913] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1840.526115][ T3913] usb 2-1: Using ep0 maxpacket: 16 [ 1840.642842][ T3913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1840.644762][ T3913] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1840.646884][ T3913] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1840.648222][ T3913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1840.705752][ T3913] usb 2-1: config 0 descriptor?? [ 1842.114926][ T3913] usbhid 2-1:0.0: can't add hid device: -71 [ 1842.127105][ T3913] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1842.356040][ T3913] usb 2-1: USB disconnect, device number 5 [ 1855.780035][ T6133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.259'. [ 1856.085084][ T6133] netlink: 'syz.0.259': attribute type 10 has an invalid length. [ 1857.816846][ T4770] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1858.080912][ T4770] usb 2-1: Using ep0 maxpacket: 16 [ 1858.228276][ T4770] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1858.230990][ T4770] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1858.236570][ T4770] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1858.238757][ T4770] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1858.324817][ T4770] usb 2-1: config 0 descriptor?? [ 1860.016731][ T4770] usbhid 2-1:0.0: can't add hid device: -71 [ 1860.024563][ T4770] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1860.116966][ T4770] usb 2-1: USB disconnect, device number 6 [ 1878.986041][ T3814] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1879.314026][ T3814] usb 2-1: Using ep0 maxpacket: 16 [ 1879.546661][ T3814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1879.548453][ T3814] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1879.550901][ T3814] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1879.556413][ T3814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1879.685285][ T3814] usb 2-1: config 0 descriptor?? [ 1882.206028][ T3814] usbhid 2-1:0.0: can't add hid device: -71 [ 1882.211093][ T3814] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1882.335564][ T3814] usb 2-1: USB disconnect, device number 7 [ 1910.243960][ T6111] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1910.503321][ T6111] usb 1-1: Using ep0 maxpacket: 16 [ 1910.744297][ T6111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1910.747414][ T6111] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1910.771092][ T6111] usb 1-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1910.776124][ T6111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1910.971102][ T6111] usb 1-1: config 0 descriptor?? [ 1912.555127][ T6111] usbhid 1-1:0.0: can't add hid device: -71 [ 1912.560698][ T6111] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1912.844380][ T6111] usb 1-1: USB disconnect, device number 3 [ 1925.247767][ T6237] syz.1.280 uses obsolete (PF_INET,SOCK_PACKET) [ 1928.945065][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1929.177892][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1929.280024][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1929.290165][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1929.300510][ T9] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 1929.304533][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1929.400011][ T9] usb 2-1: config 0 descriptor?? [ 1931.085430][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 1931.088101][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1931.228291][ T9] usb 2-1: USB disconnect, device number 8 [ 2556.808677][ C0] kworker/0:4: page allocation failure: order:0, mode:0x40820(GFP_ATOMIC|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0 [ 2556.818181][ C0] CPU: 0 UID: 0 PID: 3875 Comm: kworker/0:4 Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0 [ 2556.820114][ C0] Hardware name: riscv-virtio,qemu (DT) [ 2556.821130][ C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries [ 2556.823837][ C0] Call Trace: [ 2556.824605][ C0] [] dump_backtrace+0x2e/0x3c [ 2556.825879][ C0] [] show_stack+0x34/0x40 [ 2556.826993][ C0] [] dump_stack_lvl+0x122/0x196 [ 2556.828000][ C0] [] dump_stack+0x1c/0x24 [ 2556.829404][ C0] [] warn_alloc+0x170/0x292 [ 2556.830808][ C0] [] __alloc_pages_noprof+0x1294/0x1eb6 [ 2556.832048][ C0] [] alloc_pages_mpol_noprof+0xf8/0x48a [ 2556.833013][ C0] [] alloc_pages_noprof+0x174/0x2f0 [ 2556.834022][ C0] [] new_slab+0x2be/0x400 [ 2556.834952][ C0] [] ___slab_alloc+0xaca/0x114c [ 2556.836026][ C0] [] __slab_alloc.constprop.0+0x60/0xb2 [ 2556.837028][ C0] [] kmem_cache_alloc_node_noprof+0xc8/0x34e [ 2556.838121][ C0] [] __alloc_skb+0x32c/0x42a [ 2556.839117][ C0] [] synproxy_send_client_synack+0x1b4/0xc9a [ 2556.840618][ C0] [] nft_synproxy_do_eval+0x8ac/0xa52 [ 2556.842007][ C0] [] nft_synproxy_eval+0x28/0x36 [ 2556.842954][ C0] [] nft_do_chain+0x328/0x1598 [ 2556.843907][ C0] [] nft_do_chain_inet+0x180/0x316 [ 2556.844847][ C0] [] nf_hook_slow+0xb8/0x1ec [ 2556.847115][ C0] [] ip_local_deliver+0x2ea/0x568 [ 2556.848886][ C0] [] ip_rcv_finish+0x1b0/0x2d2 [ 2556.850717][ C0] [] ip_rcv+0xd6/0x44e [ 2556.852397][ C0] [] __netif_receive_skb_one_core+0x106/0x16e [ 2556.854270][ C0] [] __netif_receive_skb+0x2c/0x144 [ 2556.856081][ C0] [] process_backlog+0x4fc/0x1cbc [ 2556.857802][ C0] [] __napi_poll.constprop.0+0xaa/0x4b8 [ 2556.859590][ C0] [] net_rx_action+0xa12/0xf10 [ 2556.861392][ C0] [] handle_softirqs+0x4a6/0x10de [ 2556.863243][ C0] [] __irq_exit_rcu+0x188/0x372 [ 2556.864995][ C0] [] irq_exit_rcu+0x10/0xf8 [ 2556.866513][ C0] [] handle_riscv_irq+0x40/0x4c [ 2556.868192][ C0] [] call_on_irq_stack+0x32/0x40 [ 2556.872422][ C0] Mem-Info: [ 2556.875006][ C0] active_anon:2266 inactive_anon:0 isolated_anon:0 [ 2556.875006][ C0] active_file:667 inactive_file:34440 isolated_file:0 [ 2556.875006][ C0] unevictable:768 dirty:11 writeback:0 [ 2556.875006][ C0] slab_reclaimable:2518 slab_unreclaimable:211914 [ 2556.875006][ C0] mapped:9529 shmem:810 pagetables:340 [ 2556.875006][ C0] sec_pagetables:0 bounce:0 [ 2556.875006][ C0] kernel_misc_reclaimable:0 [ 2556.875006][ C0] free:53394 free_pcp:418 free_cma:52608 [ 2556.882814][ C0] Node 0 active_anon:9064kB inactive_anon:0kB active_file:2668kB inactive_file:137760kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:38116kB dirty:44kB writeback:0kB shmem:3240kB writeback_tmp:0kB kernel_stack:5824kB pagetables:1360kB sec_pagetables:0kB all_unreclaimable? no [ 2556.887401][ C0] Node 0 DMA32 free:213576kB boost:11496kB min:16288kB low:17724kB high:19160kB reserved_highatomic:12288KB active_anon:9064kB inactive_anon:0kB active_file:2668kB inactive_file:137760kB unevictable:3072kB writepending:44kB present:2097152kB managed:1438716kB mlocked:0kB bounce:0kB free_pcp:1660kB local_pcp:288kB free_cma:210432kB [ 2556.896577][ C0] lowmem_reserve[]: 0 0 0 [ 2556.900164][ C0] Node 0 DMA32: 0*4kB 5*8kB (H) 4*16kB (H) 1*32kB (H) 1*64kB (H) 1*128kB (H) 1*256kB (H) 2*512kB (HC) 3*1024kB (HC) 0*2048kB 51*4096kB (C) = 213576kB [ 2556.909552][ C0] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2556.911063][ C0] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2556.913330][ C0] 35917 total pagecache pages [ 2556.914638][ C0] 0 pages in swap cache [ 2556.915646][ C0] Free swap = 124996kB [ 2556.916653][ C0] Total swap = 124996kB [ 2556.917877][ C0] 524288 pages RAM [ 2556.918835][ C0] 0 pages HighMem/MovableOnly [ 2556.919865][ C0] 164609 pages reserved [ 2556.920853][ C0] 52736 pages cma reserved [ 2556.923800][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.925421][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.927117][ C0] node 0: slabs: 21046, objs: 252552, free: 0 [ 2556.930079][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.932694][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.934229][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.937766][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.939305][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.940809][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.944482][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.946130][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.947650][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.950981][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.953558][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.955115][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.957797][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.959303][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.960740][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.964752][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.966292][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.967747][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.970450][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.973332][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.974922][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.977663][ C0] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.979149][ C0] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.980615][ C0] node 0: slabs: 21047, objs: 252564, free: 0 [ 2556.990367][ T6111] SLUB: Unable to allocate memory on CPU 0 (of node 0) on node -1, gfp=0x820(GFP_ATOMIC) [ 2556.993124][ T6111] cache: skbuff_head_cache, object size: 240, buffer size: 320, default order: 0, min order: 0 [ 2556.994740][ T6111] node 0: slabs: 21047, objs: 252564, free: 0 [ 2868.489259][ T6295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2868.979237][ T6297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2869.056425][ T6295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2869.193303][ T6297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2901.523889][ T6297] hsr_slave_0: entered promiscuous mode [ 2901.949769][ T6297] hsr_slave_1: entered promiscuous mode [ 2902.220608][ T6297] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2902.234383][ T6297] Cannot create hsr debugfs directory [ 2907.876672][ T6295] hsr_slave_0: entered promiscuous mode [ 2908.199856][ T6295] hsr_slave_1: entered promiscuous mode [ 2908.807855][ T6295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2908.810400][ T6295] Cannot create hsr debugfs directory [ 2927.380598][ T6297] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3207.427319][ T36] INFO: task syz-executor:4239 blocked for more than 430 seconds. [ 3207.429758][ T36] Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0 [ 3207.506505][ T36] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3207.508823][ T36] task:syz-executor state:D stack:0 pid:4239 tgid:4239 ppid:1 flags:0x00000006 SYZFAIL: failed to recv rpc [ 3207.584401][ T36] Call Trace: [ 3207.586293][ T36] [] __schedule+0xd5a/0x3886 [ 3207.588127][ T36] [] schedule+0xc4/0x324 [ 3207.589836][ T36] [] schedule_timeout+0x1e2/0x296 [ 3207.635891][ T36] [] __wait_for_common+0x1ca/0x4b6 [ 3207.638377][ T36] [] wait_for_completion+0x1a/0x22 [ 3207.640237][ T36] [] rcu_barrier+0x2dc/0x6cc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3207.705288][ T36] [] netdev_run_todo+0x294/0x105e [ 3207.707710][ T36] [] rtnl_unlock+0x14/0x1c [ 3207.710642][ T36] [] tun_chr_close+0xde/0x230 [ 3207.734597][ T36] [] __fput+0x378/0x9e6 [ 3207.736573][ T36] [] ____fput+0x1c/0x26 [ 3207.738489][ T36] [] task_work_run+0x16a/0x25e [ 3207.740227][ T36] [] do_exit+0xa4c/0x2986 [ 3207.843190][ T36] [] do_group_exit+0xd4/0x26c [ 3207.845645][ T36] [] get_signal+0x1e98/0x23b0 [ 3207.847537][ T36] [] arch_do_signal_or_restart+0x8d6/0x1190 [ 3207.849438][ T36] [] syscall_exit_to_user_mode+0x2a6/0x31e [ 3207.873170][ T36] [] do_trap_ecall_u+0x86/0x216 [ 3207.875669][ T36] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3207.878580][ T36] [ 3207.878580][ T36] Showing all locks held in the system: [ 3207.880609][ T36] 1 lock held by kworker/R-mm_pe/13: [ 3207.935041][ T36] #0: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x36/0x3c4 [ 3207.994148][ T36] 1 lock held by khungtaskd/36: [ 3207.996067][ T36] #0: ffffffff87fcc100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x68/0x2d6 [ 3208.000851][ T36] 2 locks held by kworker/1:2/1834: [ 3208.033711][ T36] 1 lock held by syslogd/2995: [ 3208.035681][ T36] 2 locks held by getty/3151: [ 3208.037104][ T36] #0: ff6000001d20d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 [ 3208.103358][ T36] #1: ff2000000008b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd7c/0x129a [ 3208.108165][ T36] 2 locks held by syz-executor/3176: [ 3208.109715][ T36] 2 locks held by kworker/1:3/3814: [ 3208.111146][ T36] 1 lock held by syz-executor/4239: [ 3208.165960][ T36] #0: ffffffff87fdc6c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x56/0x6cc [ 3208.170948][ T36] 4 locks held by kworker/R-wg-cr/4444: [ 3208.215567][ T36] 1 lock held by kworker/R-wg-cr/4447: [ 3208.217143][ T36] #0: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x36/0x3c4 [ 3208.262625][ T36] 1 lock held by kworker/R-wg-cr/4450: [ 3208.264615][ T36] #0: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x36/0x3c4 [ 3208.269300][ T36] 2 locks held by kworker/0:3/4553: [ 3208.270951][ T36] 2 locks held by kworker/1:0/4770: [ 3208.316890][ T36] 3 locks held by kworker/u9:16/5361: [ 3208.318488][ T36] #0: ff60000011071148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae [ 3208.366767][ T36] #1: ff20000002ef7c90 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae [ 3208.414325][ T36] #2: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: idle_cull_fn+0xc0/0x434 [ 3208.419301][ T36] 1 lock held by syz-executor/5414: [ 3208.420818][ T36] #0: ffffffff87fdc6c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x56/0x6cc [ 3208.459144][ T36] 1 lock held by kworker/R-wg-cr/5551: [ 3208.460729][ T36] #0: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x36/0x3c4 [ 3208.498267][ T36] 3 locks held by kworker/R-wg-cr/5554: [ 3208.499867][ T36] 1 lock held by kworker/R-wg-cr/5557: [ 3208.534758][ T36] #0: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x36/0x3c4 [ 3208.540778][ T36] 2 locks held by kworker/1:1/6052: [ 3208.582932][ T36] 4 locks held by kworker/1:6/6279: [ 3208.584952][ T36] 4 locks held by kworker/0:2/6280: [ 3208.586583][ T36] #0: ff6000001820a548 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae [ 3208.632899][ T36] #1: ff20000004ea7c90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((typeof(*((worker))) *)((worker)))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae [ 3208.640104][ T36] #2: ff60000019a0d208 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x12c/0x904 [ 3208.686813][ T36] #3: ff6000001c7dc4d8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x4b4/0x904 [ 3208.725499][ T36] 4 locks held by kworker/u10:0/6282: [ 3208.727508][ T36] #0: ff6000002e9a1948 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae [ 3208.775579][ T36] #1: ff20000001b97c90 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae [ 3208.781010][ T36] #2: ff60000019a0d208 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0xe4/0x5f0 [ 3208.820236][ T36] #3: ff6000001c7dc4d8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0xee/0x5f0 [ 3208.848743][ T36] 4 locks held by syz-executor/6295: [ 3208.850430][ T36] #0: ff6000001c2b2420 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x728/0x9b4 [ 3208.899587][ T36] #1: ff60000029146088 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x23a/0x460 [ 3208.958745][ T36] #2: ff6000001aca4c38 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x258/0x460 [ 3209.018996][ T36] #3: ffffffff88c129e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf0/0x48c [ 3209.108651][ T36] 7 locks held by syz-executor/6297: [ 3209.111262][ T36] #0: ff6000001c2b2420 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x728/0x9b4 [ 3209.179259][ T36] #1: ff6000002988fc88 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x23a/0x460 [ 3209.247054][ T36] #2: ff6000001aca4c38 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x258/0x460 [ 3209.308717][ T36] #3: ffffffff88c129e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf0/0x48c [ 3209.379718][ T36] #4: ff600000189330e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x9c/0x572 [ 3209.428764][ T36] #5: ff60000018931250 (&devlink->lock_key#5){+.+.}-{3:3}, at: devl_lock+0x22/0x2c [ 3209.501311][ T36] #6: ffffffff87fdc6c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x56/0x6cc [ 3209.538886][ T36] 3 locks held by kworker/1:7/6319: [ 3209.540516][ T36] 1 lock held by kworker/1:8/6896: [ 3209.596817][ T36] #0: ffffffff87e86d68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x36/0x3c4 [ 3209.655501][ T36] [ 3209.657127][ T36] ============================================= [ 3209.657127][ T36] [ 3209.659431][ T36] NMI backtrace for cpu 0 [ 3209.660676][ T36] CPU: 0 UID: 0 PID: 36 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0 [ 3209.662553][ T36] Hardware name: riscv-virtio,qemu (DT) [ 3209.663754][ T36] Call Trace: [ 3209.664809][ T36] [] dump_backtrace+0x2e/0x3c [ 3209.666509][ T36] [] show_stack+0x34/0x40 [ 3209.667992][ T36] [] dump_stack_lvl+0x122/0x196 [ 3209.669712][ T36] [] dump_stack+0x1c/0x24 [ 3209.671312][ T36] [] nmi_cpu_backtrace+0x39c/0x39e [ 3209.673157][ T36] [] nmi_trigger_cpumask_backtrace+0x2b6/0x456 [ 3209.676551][ T36] [] arch_trigger_cpumask_backtrace+0x2c/0x3c [ 3209.678438][ T36] [] watchdog+0xcfa/0x1178 [ 3209.679931][ T36] [] kthread+0x28c/0x3a6 [ 3209.681492][ T36] [] ret_from_fork+0xe/0x18 [ 3209.686751][ T36] Sending NMI from CPU 0 to CPUs 1: [ 3209.689226][ C1] NMI backtrace for cpu 1 [ 3209.691041][ C1] CPU: 1 UID: 0 PID: 5554 Comm: kworker/R-wg-cr Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0 [ 3209.693179][ C1] Hardware name: riscv-virtio,qemu (DT) [ 3209.694528][ C1] Workqueue: wg-crypt-wg1 wg_packet_decrypt_worker [ 3209.696646][ C1] epc : arch_local_irq_restore+0xc/0x12 [ 3209.698376][ C1] ra : lock_is_held_type+0x150/0x1f2 [ 3209.700145][ C1] epc : ffffffff80232184 ra : ffffffff85fda606 sp : ff20000000017530 [ 3209.702152][ C1] gp : ffffffff897bea80 tp : ff6000001c238000 t0 : ff6000001c238b20 [ 3209.703855][ C1] t1 : ff6000001c238bc0 t2 : 0000000000000006 s0 : ff20000000017540 [ 3209.706131][ C1] s1 : ffffffff90b60b08 a0 : 0000000000000002 a1 : ffffffff8643e8a0 [ 3209.709148][ C1] a2 : 0000000000f00000 a3 : 0000000000000001 a4 : 0000000000000000 [ 3209.711600][ C1] a5 : 0000000000000001 a6 : 0000000000f00000 a7 : 0000000056e543b7 [ 3209.713394][ C1] s2 : ff6000006ec3a708 s3 : 0000000000000001 s4 : ff6000001c239000 [ 3209.715162][ C1] s5 : ffffffffffffffff s6 : 0000000200000022 s7 : ffffffff86258708 [ 3209.716860][ C1] s8 : ffffffff90b60b00 s9 : 0000000000000003 s10: ffffffffffffffff [ 3209.720104][ C1] s11: 1fec00000397ce35 t3 : 1fec000003847163 t4 : 000000000000000f [ 3209.724525][ C1] t5 : 8374b928a67c3bc0 t6 : 1fec00000384717c [ 3209.727264][ C1] status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001 [ 3209.730820][ C1] [] arch_local_irq_restore+0xc/0x12 [ 3209.734484][ C1] [] lock_is_held_type+0x150/0x1f2 [ 3209.737591][ C1] [] rcu_read_lock_held+0x3c/0x4e [ 3209.740224][ C1] [] net_generic+0x274/0x310 [ 3209.743432][ C1] [] nf_conntrack_free+0x140/0x4a4 [ 3209.746299][ C1] [] nf_ct_destroy+0x176/0x272 [ 3209.749183][ C1] [] nf_conntrack_in+0x728/0x1b28 [ 3209.751639][ C1] [] ipv4_conntrack_in+0x20/0x2e [ 3209.754809][ C1] [] nf_hook_slow+0xb8/0x1ec [ 3209.757866][ C1] [] ip_rcv+0x20e/0x44e [ 3209.760683][ C1] [] __netif_receive_skb_one_core+0x106/0x16e [ 3209.764567][ C1] [] __netif_receive_skb+0x2c/0x144 [ 3209.767699][ C1] [] process_backlog+0x4fc/0x1cbc [ 3209.770821][ C1] [] __napi_poll.constprop.0+0xaa/0x4b8 [ 3209.775324][ C1] [] net_rx_action+0xa12/0xf10 [ 3209.778351][ C1] [] handle_softirqs+0x4a6/0x10de [ 3209.781475][ C1] [] __do_softirq+0x12/0x1a [ 3209.784691][ C1] [] ___do_softirq+0x18/0x20 [ 3209.787556][ C1] [] call_on_irq_stack+0x32/0x40 [ 3210.524673][ T36] Kernel panic - not syncing: hung_task: blocked tasks [ 3210.527238][ T36] CPU: 0 UID: 0 PID: 36 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00002-gcfb10de18538 #0 [ 3210.528972][ T36] Hardware name: riscv-virtio,qemu (DT) [ 3210.530120][ T36] Call Trace: [ 3210.531559][ T36] [] dump_backtrace+0x2e/0x3c [ 3210.533209][ T36] [] show_stack+0x34/0x40 [ 3210.534635][ T36] [] dump_stack_lvl+0x108/0x196 [ 3210.536311][ T36] [] dump_stack+0x1c/0x24 [ 3210.537967][ T36] [] panic+0x388/0x86c [ 3210.539422][ T36] [] watchdog+0x78a/0x1178 [ 3210.540919][ T36] [] kthread+0x28c/0x3a6 [ 3210.542623][ T36] [] ret_from_fork+0xe/0x18 [ 3210.544664][ T36] SMP: stopping secondary CPUs [ 3210.548260][ T36] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:45:20 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff808dba50 mhartid 0000000000000000 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000020 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 0000000080000428 stvec ffffffff85ffc970 vstvec 0000000000000000 mepc ffffffff8001fb06 sepc ffffffff80261b60 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000009 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080029000 sscratch 0000000000000000 satp a012300000099246 x0/zero 0000000000000000 x1/ra ffffffff808db9f8 x2/sp ff200000000078d0 x3/gp ffffffff897bea80 x4/tp ff60000013aa1a40 x5/t0 ff6000003e28e300 x6/t1 000000000000000a x7/t2 000000000000001b x8/s0 ff20000000007980 x9/s1 ff6000001100d780 x10/a0 0000000000000000 x11/a1 ffffffff90b60b00 x12/a2 0000000000000001 x13/a3 00000000001cc088 x14/a4 ff6000003e28e348 x15/a5 ff6000003e28e320 x16/a6 ffffffff808db9e4 x17/a7 000000000e399436 x18/s2 ff6000006ec32430 x19/s3 0000000000002120 x20/s4 ffffffff814a9348 x21/s5 ffffffff897d9bc0 x22/s6 0000000000000028 x23/s7 ff6000003e28e310 x24/s8 0000000200000120 x25/s9 ffffffff90b60b00 x26/s10 0000000000000007 x27/s11 00000000001cc080 x28/t3 1fec0000027544ab x29/t4 000000000000000a x30/t5 f1b30103890b29cc x31/t6 1fec0000027544ba f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff8033bece mhartid 0000000000000001 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 0000000080000428 stvec ffffffff85ffc970 vstvec 0000000000000000 mepc ffffffff8532a4cc sepc ffffffff802486bc vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080027000 sscratch 0000000000000000 satp a001300000095b1d x0/zero 0000000000000000 x1/ra ffffffff80345c82 x2/sp ff20000000016220 x3/gp ffffffff897bea80 x4/tp ff60000018cf9a40 x5/t0 ff60000018cfa560 x6/t1 ff60000018cfa600 x7/t2 1fec00000319f4a8 x8/s0 ff20000000015eb0 x9/s1 ffffffff898bca80 x10/a0 ffffffffcefcbc4d x11/a1 ffffffff8643e8a0 x12/a2 0000000000000012 x13/a3 1ffffffff13174d8 x14/a4 ffffffff88006688 x15/a5 00000000000000a0 x16/a6 ffffffff8cfb54e0 x17/a7 0000000020938178 x18/s2 ffffffff880066b8 x19/s3 ffffffff88006680 x20/s4 0000000000000000 x21/s5 dfffffff00000000 x22/s6 1fffffffffffffff x23/s7 fffffffef1000cd7 x24/s8 ffffffff880066d8 x25/s9 000ee6b280000000 x26/s10 7fffffffffffffff x27/s11 1fec00000dd87ce5 x28/t3 1fec00000319f4ab x29/t4 000000000000000c x30/t5 cf5845a49c6a17af x31/t6 1fec00000319f4c4 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000